diff --git a/docker/Dockerfile b/docker/Dockerfile index 4cfc3c726..3e0d2f7f2 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -1,6 +1,29 @@ -FROM crystallang/crystal:1.16.3-alpine AS builder +# https://github.com/openssl/openssl/releases/tag/openssl-3.5.2 +ARG OPENSSL_VERSION='3.5.2' +ARG OPENSSL_SHA256='c53a47e5e441c930c3928cf7bf6fb00e5d129b630e0aa873b08258656e7345ec' + +FROM crystallang/crystal:1.16.3-alpine AS dependabot-crystal + +# We compile openssl ourselves due to a memory leak in how crystal interacts +# with openssl +# Reference: https://github.com/iv-org/invidious/issues/1438#issuecomment-3087636228 +FROM dependabot-crystal AS openssl-builder +RUN apk add --no-cache curl perl linux-headers + +WORKDIR / + +ARG OPENSSL_VERSION +ARG OPENSSL_SHA256 +RUN curl -Ls "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz" --output openssl-${OPENSSL_VERSION}.tar.gz +RUN echo "${OPENSSL_SHA256} openssl-${OPENSSL_VERSION}.tar.gz" | sha256sum -c +RUN tar -xzvf openssl-${OPENSSL_VERSION}.tar.gz + +RUN cd openssl-${OPENSSL_VERSION} && ./Configure --openssldir=/etc/ssl && make -j$(nproc) + +FROM dependabot-crystal AS builder RUN apk add --no-cache sqlite-static yaml-static +RUN apk del openssl-dev openssl-libs-static ARG release @@ -21,12 +44,18 @@ COPY ./videojs-dependencies.yml ./videojs-dependencies.yml RUN crystal spec --warnings all \ --link-flags "-lxml2 -llzma" + +ARG OPENSSL_VERSION +COPY --from=openssl-builder /openssl-${OPENSSL_VERSION} /openssl-${OPENSSL_VERSION} + RUN --mount=type=cache,target=/root/.cache/crystal if [[ "${release}" == 1 ]] ; then \ + PKG_CONFIG_PATH=/openssl-${OPENSSL_VERSION} \ crystal build ./src/invidious.cr \ --release \ --static --warnings all \ --link-flags "-lxml2 -llzma"; \ else \ + PKG_CONFIG_PATH=/openssl-${OPENSSL_VERSION} \ crystal build ./src/invidious.cr \ --static --warnings all \ --link-flags "-lxml2 -llzma"; \ 
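Review bot: The statically linked OpenSSL is now pinned by `OPENSSL_VERSION` and `OPENSSL_SHA256` at the top of this hunk, so OpenSSL security fixes no longer arrive through Alpine package or base-image updates and need a manual bump of both values. The same pair is duplicated in the first hunk of docker/Dockerfile.arm64, and the `dependabot-*` stage names suggest that only the base images are tracked automatically (inferred from the names). I would add a comment above the ARGs such as `# Security updates are manual: bump OPENSSL_VERSION and OPENSSL_SHA256 together, here and in Dockerfile.arm64`. Separately, `curl -Ls` has no `-f`, so an HTTP error page is saved and only rejected later as a checksum mismatch; `curl -fsSL` would fail at the download step with a clear error.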
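Review bot: `RUN crystal spec` still runs before the added `ARG OPENSSL_VERSION` / `COPY --from=openssl-builder` lines and without `PKG_CONFIG_PATH`, so the specs are not built against the OpenSSL that the shipped binary links. Since the first hunk also removes `openssl-dev` and `openssl-libs-static` from this stage, the spec step may fail to link or pick up different libraries if the specs pull in Crystal's OpenSSL bindings (not visible here). Moving the `ARG` and `COPY` above the spec step and prefixing it the same way, `RUN PKG_CONFIG_PATH=/openssl-${OPENSSL_VERSION} crystal spec --warnings all`, keeps tests and release on one library. The second hunk of docker/Dockerfile.arm64 has the same ordering, and the `crystal build` RUN continues past the end of this hunk.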
diff --git a/docker/Dockerfile.arm64 b/docker/Dockerfile.arm64 index 758e79506..b02cc8cef 100644 --- a/docker/Dockerfile.arm64 +++ b/docker/Dockerfile.arm64 @@ -1,6 +1,28 @@ -FROM alpine:3.21 AS builder +# https://github.com/openssl/openssl/releases/tag/openssl-3.5.2 +ARG OPENSSL_VERSION='3.5.2' +ARG OPENSSL_SHA256='c53a47e5e441c930c3928cf7bf6fb00e5d129b630e0aa873b08258656e7345ec' + +FROM alpine:3.21 AS dependabot-alpine + +# We compile openssl ourselves due to a memory leak in how crystal interacts +# with openssl +# Reference: https://github.com/iv-org/invidious/issues/1438#issuecomment-3087636228 +FROM dependabot-alpine AS openssl-builder +RUN apk add --no-cache curl perl linux-headers build-base + +WORKDIR / + +ARG OPENSSL_VERSION +ARG OPENSSL_SHA256 +RUN curl -Ls "https://github.com/openssl/openssl/releases/download/openssl-${OPENSSL_VERSION}/openssl-${OPENSSL_VERSION}.tar.gz" --output openssl-${OPENSSL_VERSION}.tar.gz +RUN echo "${OPENSSL_SHA256} openssl-${OPENSSL_VERSION}.tar.gz" | sha256sum -c +RUN tar -xzvf openssl-${OPENSSL_VERSION}.tar.gz + +RUN cd openssl-${OPENSSL_VERSION} && ./Configure --openssldir=/etc/ssl && make -j$(nproc) + +FROM dependabot-alpine AS builder RUN apk add --no-cache 'crystal=1.14.0-r0' shards sqlite-static yaml-static yaml-dev libxml2-static \ - zlib-static openssl-libs-static openssl-dev musl-dev xz-static + zlib-static musl-dev xz-static ARG release 
@@ -22,12 +44,17 @@ COPY ./videojs-dependencies.yml ./videojs-dependencies.yml RUN crystal spec --warnings all \ --link-flags "-lxml2 -llzma" +ARG OPENSSL_VERSION +COPY --from=openssl-builder /openssl-${OPENSSL_VERSION} /openssl-${OPENSSL_VERSION} + RUN --mount=type=cache,target=/root/.cache/crystal if [[ "${release}" == 1 ]] ; then \ + PKG_CONFIG_PATH=/openssl-${OPENSSL_VERSION} \ crystal build ./src/invidious.cr \ --release \ --static --warnings all \ --link-flags "-lxml2 -llzma"; \ else \ + PKG_CONFIG_PATH=/openssl-${OPENSSL_VERSION} \ crystal build ./src/invidious.cr \ --static --warnings all \ --link-flags "-lxml2 -llzma"; \